Warning: Cyber spying spreads in Middle East
Boston, August 30, 2012
The scope of a cyber espionage campaign targeting Iran and other parts of the Middle East has widened, even after security experts blew the operation's cover last month, according to the research firm that discovered the Mahdi Trojan.
Israeli security company Seculert said it had identified about 150 new victims over the past six weeks as developers of the Mahdi virus had changed the code to evade detection by anti-virus programs. That has brought the total number of infections found so far to nearly 1,000, the bulk of them in Iran.
"These guys continue to work," Seculert chief technology officer Aviv Raff said via telephone from the company's headquarters in Israel.
The decision to keep the operation running implies that Mahdi's operators were not particularly worried about getting caught, said Roel Schouwenberg, a senior researcher with Kaspersky Lab, which has collaborated with Seculert to analyze Mahdi.
Schouwenberg said some viruses are designed for stealth because they become useless if they are discovered. He pointed to the Stuxnet Trojan that targeted Iran's nuclear program in 2010. After that custom-built virus was uncovered by a security researcher in Belarus, authorities in Iran discovered it in a uranium enrichment facility that it had targeted.
Mahdi is a "less professional" operation that runs on technology built with widely available software, according to Schouwenberg.
"If the quality of your operation is not that high, then maybe you don't care about being discovered," he said. "But the scary thing is that it can still be effective."
The Mahdi Trojan allows remote attackers to steal files from infected PCs and monitor emails and instant messages, Seculert and Kaspersky said. It can also record audio, log keystrokes and take screenshots of activity on those computers.
The firms said they believed multiple gigabytes of data have been uploaded from targeted machines.
Targets of Mahdi include critical infrastructure firms, engineering students, financial services firms and government embassies located in five Middle Eastern countries, with the majority of the infections in Iran, according to the two security firms.
The bulk of the new victims were also in Iran, according to Seculert, though a few were identified in the United States and Germany.
The two firms have declined to identify specific victims.
Seculert's Raff said he suspected the campaign was being run by hacker activists, or "hacktivists," who were either funded by a government or who provide information they collect to a nation for ideological reasons. He declined to say which country might be involved.
Seculert and Kaspersky dubbed the campaign Mahdi after a term referring to the prophesied redeemer of Islam because evidence suggests the attackers used a folder with that name as they developed the software to run the project.
They also included a text file named mahdi.txt in the malicious software that infected target computers. - Reuters